W32.Stong.A


Aliases: W32/STONG.A
Variants:

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 18 Jul 2006
Damage: High

Characteristics: The W32.Stong.A application propagates by infecting files that are executable and has keylogging and downloader capabilites. This virus infects executable files by prepending its body to them.

More details about W32.Stong.A

The worm tries to infect all the files that are executable that are associated together with the entries of the subkeys of the registry. The virus infects the files that are executable by the prepending of the viral body to the files. The virus also saves the icon which is the original of the file that was infected in %UserProfile%\Local Settings\Temp\target.ico folders. The %UserProfile%\ variable refers torecent folder of the profile \. This is the C:\Documents and Settings\[CURRENT USER] found on Windows 2000, Windows NT, and windows XP. The virus then restores the icon, original ones, so the files that were infected will not appear as changed or distorted. The virus can generate another file. It generates subkey of the registry. The virus tries to contact the remote sites on the prot 80.

Once the W32.Strong.A was being performed, the virus creates the mutex “”. The worm infect the executables Windows such as the %System%\notepad.exe and %System%\dllcache\notepad.exe. The variable %System%\ refers to the folder of the system. This is the C:\Windows\System32 (only Windows XP), C:\Winnt\System32 (Windows 2000 and Windows NT), and C:\Windows\System (Windows Me, Windows 98, and Windows 95). The worm also specifies the running processes on your computer. Also the virus tries to infect any of the process that has names such as regedit.exe, msmsg, daemon.exe, mixer, soundman, adobe, adgj, stimon, usbdetect, msn6.exe, winampa, ctfmo, and Kodak. The virus specifies the entries that can be found on the subkeys of the registry.